VULNERABILITY ASSESSMENT REPORT - Smartsheet Inc.
VERSION HISTORY
VERSION | APPROVED BY | REVISION DATE | DESCRIPTION OF CHANGE | AUTHOR
PREPARED BY | TITLE | DATE
APPROVED BY | TITLE | DATE
VULNERABILITY ASSESSMENT REPORT
TABLE OF CONTENTS
1. INTRODUCTION
2. PROJECT SCOPE
A. IN SCOPE
B. OUT OF SCOPE
3. ACTIVITIES SCHEDULE
A. FIRST DAY
B. SECOND DAY
C. THIRD DAY
4. BACKGROUND INFORMATION
5. CLIENT ORGANIZATION
6. ASSET IDENTIFICATION
A. ASSET IDENTIFICATION PROCESS
B. TANGIBLE ASSETS
C. INTANGIBLE ASSETS
7. THREAT ASSESSMENT
A. THREAT ASSESSMENT PROCESS
B. THREATS TO THE CLIENT ORGANIZATION
B1. NATURAL THREATS
B2. INTENTIONAL THREATS
B3. UNINTENTIONAL THREATS
8. LAWS, REGULATIONS, AND POLICY
9. FEDERAL LAW AND REGULATION
10. CLIENT ORGANIZATION POLICY
A. VULNERABILITIES: CLIENT ORGANIZATION POLICY
11. PERSONNEL
A. MANAGEMENT
B. OPERATIONS
C. DEVELOPMENT
D. VULNERABILITIES: PERSONNEL
12. NETWORK SECURITY
A. PUBLIC NETWORK RESOURCES AND SITES
B. PARTNER CONNECTIONS AND EXTRANETS
C. VULNERABILITIES: NETWORK SECURITY
13. SYSTEM SECURITY
A. VULNERABILITIES: SYSTEM SECURITY
14. APPLICATION SECURITY
A. VULNERABILITIES: APPLICATION SECURITY
15. OPERATIONAL SECURITY
A. VULNERABILITIES: OPERATIONAL SECURITY
16. PHYSICAL SECURITY
A. VULNERABILITIES: PHYSICAL SECURITY
B. VULNERABILITIES: BUILDING
C. VULNERABILITIES: PERIMETER SECURITY
D. VULNERABILITIES: SERVER AREA
17. SUMMARY
18. ACTION PLAN
19. REFERENCES
1. INTRODUCTION
2. PROJECT SCOPE
A. IN SCOPE
B. OUT OF SCOPE
3. ACTIVITIES SCHEDULE
A. FIRST DAY
B. SECOND DAY
C. THIRD DAY
4. BACKGROUND INFORMATION
5. CLIENT ORGANIZATION
6. ASSET IDENTIFICATION
A. ASSET IDENTIFICATION PROCESS
B. TANGIBLE ASSETS
C. INTANGIBLE ASSETS
7. THREAT ASSESSMENT
A. THREAT ASSESSMENT PROCESS
B. THREATS TO THE CLIENT ORGANIZATION
B1. NATURAL THREATS
B2. INTENTIONAL THREATS
B3. UNINTENTIONAL THREATS
8. LAWS, REGULATIONS, AND POLICY
9. FEDERAL LAW AND REGULATION
10. CLIENT ORGANIZATION POLICY
A. VULNERABILITIES: CLIENT ORGANIZATION POLICY
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
11. PERSONNEL
A. MANAGEMENT
B. OPERATIONS
C. DEVELOPMENT
D. VULNERABILITIES: PERSONNEL
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
12. NETWORK SECURITY
A. PUBLIC NETWORK RESOURCES AND SITES
B. PARTNER CONNECTIONS AND EXTRANETS
C. VULNERABILITIES: NETWORK SECURITY
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
13. SYSTEM SECURITY
A. VULNERABILITIES: SYSTEM SECURITY
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
14. APPLICATION SECURITY
A. VULNERABILITIES: APPLICATION SECURITY
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
15. OPERATIONAL SECURITY
A. VULNERABILITIES: OPERATIONAL SECURITY
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
16. PHYSICAL SECURITY
A. VULNERABILITIES: PHYSICAL SECURITY
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
B. VULNERABILITIES: BUILDING
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
C. VULNERABILITIES: PERIMETER SECURITY
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
D. VULNERABILITIES: SERVER AREA
VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION
17. SUMMARY
18. ACTION PLAN
19. REFERENCES
DISCLAIMER
Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk.